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REMARKS 

This Amendment is in response to the first Office Action dated February 27, 2004. In 
that Office Action, claims 1-46 were examined and all were rejected. More specifically, claims 
1-46 were rejected under 35 U.S.C. § 102(e) as anticipated by Scheifler et al. (USPN 6,138,238). 

In this response, claims 1, 5-8, 20, 28 and 33-35 have been amended and no claims have 
been canceled. No new claims have been added. Claims 1-46 are pending in this application. 
Reexamination and reconsideration of the pending claims in light of these remarks is respectfully 
requested. 

Amendments to the Specification 

The specification has been amended to add serial numbers for the referenced 
applications. Also, typographical errors have been corrected. It is believed that no new matter 
has been added by these amendments. 

Claim Rejections - 35 U.S.C. § 102 

Claims 1-46 stand rejected under 35 U.S.C. § 102(e) as anticipated by Scheifler et al. 
(USPN 6,138,238, hereinafter "Scheifler"). The Applicants traverse the § 102 rejections because 
the Examiner has failed to substantiate a prima facie case of anticipation because at least one of 
the requirements of a prima facie case is absent. In particular, the cited reference does not 
identically disclose all the limitations of the independent claims and thus the claims are not 
anticipated under 35 U.S.C. § 102. 

Independent claims K 20 and 28 

Independent claims 1, 20 and 28 of the present application recite a dynamically modified 
set of permissions. One aspect of the present invention relates to a system and/or process of 
evaluating permissions within a stack wherein code frames and/or assemblies can dynamically 
modify or override the set of available permissions. As further defined in dependent claims, 
these stack overrides may assert permissions such that no more stack walking is necessary, deny 
permissions even where otherwise allowed, and permit only permissions for specific or limited 
uses. Moreover, the dynamic modification to the set of permissions relates to the permissions 
themselves and does not relate to a general or global privilege granting all permissions. 
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Consequently, the present invention has enhanced control based the dynamic adjustment of 
specific permissions available. 

Scheifler generally describes a security policy that is based on the executor and the 
source of the code. The domain protection objects are therefore static in nature based on these 
two items of information. Scheifler does not teach or describe the dynamic modification of a set 
of permissions. That is, given the static nature of the source of the code and the executor of the 
code, Scheifler cannot and does not provide a method or even a reason to dynamically adjust the 
set of permissions available. Moreover, Scheifler shows the use of a general or global privilege 
method that, when called, allows for all subsequent methods to perform privileged methods. 
Such a method must be called by the code frame, such that Scheifler describes a method of 
obtaining permission in an explicit manner, as opposed to a manner that simply modifies the 
permission set dynamically. Furthermore, using a global privilege flag is clearly different from 
precisely modifying or changing the subset of permissions. 

Under 35 U.S.C. § 102, a reference must show or describe each and every element 
claimed in order to anticipate the claims. Verdegaal Bros. v. Union Oil Co. of California 814 
F.2d 628 (Fed. Cir. 1987) ("A claim is anticipated only if each and every element as set forth in 
the claim is found, either expressly or inherently described, in a single prior art reference.") 
Accordingly, Scheifler cannot, as a matter of law, anticipate claims 1, 20 or 28. Specifically, 
Scheifler does not explicitly or inherently include the limitation of dynamically modifying the set 
of permissions and therefore cannot anticipate the Applicants' invention. Additionally, claims 2- 
12, 21-25 and 29-39 depend directly or indirectly from claims 1, 20 or 28 such that it is believed 
these claims are also allowable, for at least the reasons stated above. Reconsideration of the 
outstanding rejections as they apply to these claims is respectfully requested. 

Independent claims 13, 26 and 40 

Independent claims 13, 26 and 40 recite the calculation and/or caching of an intersection 
of permissions. Scheifler, however, does not show or describe such a cached intersection, or any 
intersection for that matter. The Examiner asserts that Scheifler discloses the computation of an 
intersection of permissions because Scheifler has an "access controller," that is used "to 
determine the access rights of a thread having a call stack with multiple methods whose code 
arrived from multiple sources or whose code is requested to be executed on behalf of multiple 
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principals." (col. 14, line 62 to col. 15, line 4). Granted, the access controller in Scheifler is 
used to determine whether a particular action may be performed by a thread. "Specifically, 
before the resource management object accesses a resource, the resource management object 
invokes a check permission method of an access controller object." (col. 15, lines 11-13). The 
process used by the check permission method, however, is not the same as calculating an 
intersection. That is, the actual determination of whether permission is available is done by 
walking through and evaluating all of the different, associated protection domain objects. {See 
col. 17, line 44 - col. 19, line 52). The process of evaluating each set of permissions in truV 
manner is, in fact, described by the Applicants in the present application as prior art. Thus, 
Scheifler clearly does not compute an intersection, let alone cache the intersection to reduce the 
time it takes to determine whether permission should be granted. Indeed, the only provision that 
Scheifler provides that avoids checking each and every permission set is if one sets a privilege 
flag. However, setting and acting based on a privilege flag, while ignoring the other permission 
sets, is entirely different from calculating an intersection (which accounts for all the permission 
sets) and acting based on the intersection. 

As discussed above, under 35 U.S.C. § 102, a reference must show or describe each and 
every element claimed in order to anticipate the claims. Accordingly, Scheifler cannot, as a 
matter of law, anticipate claims 13, 26 and/or 40 since it does not explicitly or inherently include 
the limitation of calculating an intersection and therefore cannot anticipate the Applicants' 
invention. Since claims 14-19, 27, and 41-46 depend directly or indirectly from claims 13, 26 or 
40, it is believed these claims are also allowable, for at least the reasons stated above. 
Reconsideration of these rejections is respectfully requested. 

Since the remarks above are believed to distinguish over the applied reference, any 
remaining arguments supporting the claim rejections are not acquiesced to because they are not 
addressed herein. 

Conclusion 

As originally filed, the present application included 46 claims, 6 of which were 
independent. As amended, the present application still includes 46 claims, 6 of which are 
independent. Accordingly, it is believed that no further fees are due with this Response. 
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However, the Commissioner is hereby authorized to charge any deficiencies or credit any 
overpayment with respect to this patent application to deposit account number 13-2725. 

In light of the above remarks and amendments, it is believed that the application is now 
in condition for allowance, and such action is respectfully requested. Applicants believe that this 
response and amendment fully addresses each of the Examiners rejections. Should any 
additional issues need to be resolved, the Examiner is requested to telephone the undersigned to 
attempt to resolve those issues. 



Respectfully submitted, 





Timothy B./Scull, Re$. No. 42,137 
MERCHANT & GOULD P.C. 
P.O. Box 2903 

Minneapolis, MN 55402-0903 
303.357.1648 
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